the special sauce writes
"A few months back, our customers (we run a regional ISP) started receiving deceptive domain renewal notices from Verisign and Verisign partners such as Interland. A couple of our customers temporarily lost their domains in the process as the registrant, contact information and hosting company was all changed. Yesterday, I received an e-mail from a customer. He was forwarding a "reminder" e-mail he had received. It was an SSL certificate "renewal" notice from a UK company, Comodo. It instructed him to "upgrade" his current certificate (issued by Equifax) before it expired." More information on this charming practice follows...
the special sauce Continues:
"For those who don't know, Equifax was just bought out by GeoTrust, who offers a QuickSSL product. Comodo's e-mail was advertising an "InstantSSL" product, which I myself mistook for the GeoTrust product on first reading the e-mail. When I realized my mistake, I contacted Comodo and inquired as to their relationships with Equifax and GeoTrust and how they came by my customer's information. The response: "We have no relationship with Equifax or GeoTrust. The information on a certificate is public information which we have used to inform this company that they have an option when they come to buy their certificate." My interpretation: Comodo is harvesting contact information from certificates in bad faith, to market a competing product. Furthermore, I think they have targeted Equifax customers because the company was just bought out. In any buyout, confusion exists as to the "new" company's identity. I think they are offering a product whose name is confusing similar to a GeoTrust's product. The language in their e-mail does everything possible to obfuscate the fact that they are not affiliated with Equifax, encouraging customers to "renew" and "upgrade" their certificates. In reality, if my customer had clicked the links in the e-mail, he would have been purchasing a new certificate from a company with which he had no previous relationship.
So I ask, is this not cert slamming? I don't expect this to be as big a problem as Verisign's domain slamming: we simply host less certificates than domains so it is easier to warn all of our customers with secured web sites. Nevertheless, I've reported the practice to the FTC."
Slashdot Mirror
Comodo is a spam-laden organization. I run a web hosting and network management firm in Edmonton and we've received countless offers for "CHEAP SSL" and other services from Comodo!
It's been thoroughly discussed in other location such as WebHostingTalk.com which I suggest anyone interested in pursuing a Comodo service look at first. These guys actually responded in the forum with a nice show that they don't actually care who they spam provided it makes a buck.
Sincerely,
-Matt
--- Need web hosting?
If this company is UK based i would advise you to report them to the Office of fair trading and the UK Trading Standards , these kinds of practices are despicable and the OFT and TS do not take kindly to this sort of behaviour
Yup, even in the southern hemisphere it's happening.A 53F05EC FC6CC256ABF00090DE4
E A2 77DCC256BC9000CA1D2
Internet Name Group (no URL any more that I can find) and Internet Registry have both been trying it on in Ausralia and New Zealand. The ACCC (commerce department in Aus) and the Commerce Commission in NZ are both keeping an eye on the matter.
Stories on the subject here:
http://www.idg.net.nz/webhome.nsf/nl/D6AC0
and here:
http://www.idg.net.nz/webhome.nsf/nl/A8539751DE
apologies for the evil links... goddam Notes.
I am a leaf on the wind